Wilders Security Forums  

  #1  
Old April 6th, 2012, 01:58 PM
tisher tisher is offline
Infrequent Poster
 
Join Date: Apr 2012
Posts: 1
Default Problem with DNS blocking

I'm having trouble with DNS being blocked, and I can't find any log entries related to it.

I'm running SmartSecurity5 (Win7 x64) with 'Strict Protection' enabled. When I first boot up I can resolve DNS requests (web browsing works). Then suddenly I'm not able to resolve any addresses.

The DNS on my machine is set to use my gateway (10.0.0.1). I have the 10.0.0.0/24 subnet in the trusted zone. I tried explicitly entering a rule to allow the DNS and NETBIOS protocols from my gateway, but still have the same problem. I turned on logging for the personal firewall. In the logs I get results that incoming UPnP requests are being blocked, but I don't see anything else (while trying to browse the web).

Is there anything I need to do to allow DNS out of the box using 'Strict Protection' or is there anything I can try? Thanks in advance for any help you can provide. Please let me know if you have any other questions.

-wiley
  #2  
Old April 6th, 2012, 06:53 PM
Gao Hongming Gao Hongming is offline
Infrequent Poster
 
Join Date: Apr 2012
Location: Thailand
Posts: 6
Default Re: Problem with DNS blocking

@wiley

If you want to avoid having DNS blocked, then start encrypting your DNS. This will also load webpages FASTER, because it uses UDP instead of TCP, packet size is smaller thanks to Curve25519 cipher, and is more secure than plain text as you know.

Here are the instructions for anyone else who wants to encrypt their DNS using the binary DNScrypt as a proxy using version 0.9.3.

How to Setup DNScrypt Proxy v0.9.3.exe (renamed to EDNS) software on Windows 7 SP1 32bit or 64bit.

1) Just copy this folder (binary file) to your Program Files and then add this program as a Windows Service, so it will automatically launch when booting up the PC.

Install MakeServiceSetup.msi (as Administrator)
Run the MakeService program (or open CMD where MakeService.exe was installed) and use the SYNTAX below to ADD (as appropriate).
MakeService "C:\Program Files\EDNS\EDNS.exe" /Name:EDNS.exe /StartType:auto /DisplayName:"DNS Encryption (EDNS)"


Open Regedit > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EDNS.exe]
Right click over EDNS Registry folder and create a NEW String Value with the name of "Description" without quotes and then right click over Description selecting modify and paste this: DNS Encryption is an application that boosts online privacy and security. It works by encrypting all DNS traffic using Curve25519 elliptical curve cryptography between the user and OpenDNS server 208.67.220.220, preventing spying, spoofing or man-in-the-middle attacks.

Go to Control Panel > Administration > Services > "DNS Encryption (EDNS)" and verify the service is started.

2) Then change your DNS configuration to point to your local PC, since it now has a DNS server running on it (127.0.0.1 in IPv4, or ::1 in IPv6). You can do this by going to your "Network Connections", right-clicking the "Local Area Connection or WLAN Adapter" (or whichever you are using), selecting 'Properties' and editing as appropriate. This means changing the DNS for IPv4 to 127.0.0.1 and for IPv6 to ::1.

3) Clear your DNS cache by running ipconfig /flushdns in CMD or REBOOT the PC.
4) Then Test it! Visit http://www.opendns.com/welcome to confirm!

Sources:

https://www.opendns.com/technology/dnscrypt
http://thepileof.blogspot.com/2012/0...ndows-via.html
  #3  
Old April 6th, 2012, 07:10 PM
Cudni Cudni is offline
Global Moderator
 
Join Date: May 2009
Location: Somethingshire
Posts: 6,944
Default Re: Problem with DNS blocking

maybe this from
http://eset.ua/files/manual/ESET_Per...wall_UG_EN.pdf
"..
Create a new rule named “DNS for client computers”, using the following parameters:
General tab - Direction: IN, Action: ALLOW, Protocol: UDP.
Local tab - Local port: 53 (DNS).
Remote tab - Zone: Trusted zone
"
@Gao Hongming

The issue is rule creation, not encrypting DNS, which wouldn't have helped in this case.
__________________
once we only had ideals, today they are the only things we are missing
Microsoft MVP, 2006 - 2013/14
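
A small probe for the situation discussed in this thread, added here as an example and not part of any post: it sends one UDP DNS query to a resolver and separates a silent drop (a timeout, which is consistent with a firewall discarding the query or the reply) from a port with nothing listening and from a real answer. The addresses 10.0.0.1 and 127.0.0.1 are the ones named in the posts above; the function names and the query name example.com are assumptions of this example.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(data, qid):
    """Interpret a raw reply header; returns (status, answer_count)."""
    if len(data) < 12:
        return ("malformed", 0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        return ("mismatch", 0)  # wrong ID or QR bit clear: not our response
    rcode = flags & 0x000F
    names = {0: "ok", 2: "servfail", 3: "nxdomain", 5: "refused"}
    return (names.get(rcode, "rcode-%d" % rcode), ancount)

def probe(server, name="example.com", port=53, timeout=2.0, qid=0x1234):
    """Send one UDP query; a constant ID is acceptable for a one-off check."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))  # accept replies from this resolver only
            s.send(build_query(name, qid))
            data = s.recv(512)
        except socket.timeout:
            return ("timeout", 0)      # nothing came back: packet dropped somewhere
        except OSError:
            return ("unreachable", 0)  # e.g. ICMP port unreachable: no listener
    return classify_reply(data, qid)

if __name__ == "__main__":
    # Gateway resolver from post #1, local proxy address from post #2.
    for server in ("10.0.0.1", "127.0.0.1"):
        print(server, probe(server))
```

A "timeout" against the gateway while the firewall is active, turning into "ok" once the UDP port 53 rule is in place, points at the rule set rather than at the resolver.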
 
